Aram Sargsyan [Mon, 25 Mar 2024 14:35:20 +0000 (14:35 +0000)]
Rename and fix dns_validator_destroy() to dns_validator_shutdown()
Since the dns_validator_destroy() function doesn't guarantee that
it destroys the validator, rename it to dns_validator_shutdown()
and require explicit dns_validator_detach() to follow.
Enforce the documented function requirement that the validator must
be completed when the function is called.
Make sure to set val->name to NULL when the function is called,
so that the owner of the validator may destroy the name, even if
the validator is not destroyed immediately. This should be safe,
because the name can be used further only for logging by the
offloaded work callbacks when they detect that the validator is
already canceled/complete, and the logging function has a condition
to use the name only when it is non-NULL.
Evan Hunt [Tue, 26 Mar 2024 09:13:53 +0000 (02:13 -0700)]
complete removal of isc_loop_current()
isc_loop() can now take its place.
This also requires changes to the test harness - instead of running the
setup and teardown outside of the main loop, we now schedule the setup
and teardown to run on the loop (via isc_loop_setup() and
isc_loop_teardown()) - this is needed because the new isc_loop()
call has to be run on the active event loop, but previously the
isc_loop_current() (and the variants like isc_loop_main()) would work
even outside of the loop because it needed just isc_tid() to work, but
not the full loop (which was mainly true for the main thread).
Evan Hunt [Tue, 26 Mar 2024 07:13:45 +0000 (00:13 -0700)]
use a thread-local variable to get the current running loop
if we had a method to get the running loop, similar to how
isc_tid() gets the current thread ID, we can simplify loop
and loopmgr initialization.
remove most uses of isc_loop_current() in favor of isc_loop().
in some places where that was the only reason to pass loopmgr,
remove loopmgr from the function parameters.
update foundname when detecting a zonecut above qname
an assertion could be triggered in the QPDB cache if a DNAME
was found above a queried NS, because the 'foundname' value was
not correctly updated to point to the zone cut.
the same mistake existed in qpzone and has been fixed there as well.
Michał Kępień [Fri, 29 Mar 2024 07:27:49 +0000 (08:27 +0100)]
Restore consistency in YAML anchor names
Commit a4e9ce500a42d596e64c477df66c9bcdd692b06b added "pipelines" to CI
job trigger lists without updating the names of the YAML anchors
containing those lists accordingly. Update YAML anchor names so that
they are consistent with their own contents.
Michał Kępień [Fri, 29 Mar 2024 07:27:49 +0000 (08:27 +0100)]
Do not check CHANGES in pre-release pipelines
Since pre-release testing is usually carried out for branches in which
CHANGES entries are intentionally malformed to prevent entry numbering
conflicts down the road, do not run the "changes" GitLab CI job in
pipelines that are triggered by a parent pipeline (which can currently
only be a pre-release testing pipeline) to prevent triggering job
failures that would be meaningless anyway.
Michał Kępień [Fri, 29 Mar 2024 07:27:49 +0000 (08:27 +0100)]
Extract CHANGES checks to a separate GitLab CI job
Checking the contents of the CHANGES file currently requires invoking
multiple shell scripts. These invocations are conflated with those for
other test scripts in the "misc" GitLab CI job. Extract the commands
checking the contents of the CHANGES file to a separate GitLab CI job,
"changes", to improve readability. Remove similar checks for the
CHANGES.SE file altogether as they are only relevant for BIND -S and
therefore should not be present in an open source branch.
Mark Andrews [Mon, 9 Oct 2023 23:54:16 +0000 (10:54 +1100)]
Checking nxdomain-redirect against built-in RFC-1918 zone
Check that RFC 1918 leak detection does not trigger an assertion
when nxdomain redirection is enabled in the server but not for the
RFC 1918 reverse namespace.
Matthijs Mekking [Tue, 19 Mar 2024 07:48:56 +0000 (08:48 +0100)]
Fix fix_iterator hang
If there are no more previous leaves, it means the queried name
precedes the entire range of names in the database, so we should just
move the iterator one step back and return, instead of continuing our
search for the predecessor.
This is similar to an earlier bug fixed in an earlier commit:
Matthijs Mekking [Tue, 19 Mar 2024 08:45:59 +0000 (09:45 +0100)]
Add a test case for fix_iterator hang
When fixing the iterator, when every leaf on this branch is greater
than the one we wanted we go back to the parent branch and iterate back
to the predecessor from that point.
But if there are no more previous leaves, it means the queried name
precedes the entire range of names in the database, so we would just
move the iterator one step back and continue from there.
This could end in a loop because the queried name precedes the entire
range of names and so none of those names are the predecessor of the
queried name.
Tom Krizek [Mon, 26 Feb 2024 17:08:23 +0000 (18:08 +0100)]
Re-enable enginepkcs11 system test
The condition in prereq.sh which attempts to match two strings uses
an integer equality operation. This results in an error, causing the
enginepkcs11 test to always be skipped. Use = operator for the string
comparison instead.
Tom Krizek [Thu, 14 Mar 2024 15:18:02 +0000 (16:18 +0100)]
Mark the autosign system test as flaky
The autosign test uses sleep in many cases to wait for something to
happen. This inevitably leads to an instability that manifests in our
CI. Allow an automatic rerun of the test to improve its stability.
Tom Krizek [Fri, 12 Jan 2024 14:03:53 +0000 (15:03 +0100)]
Export variable in resolver system test
Variable assignment when calling subroutines might not be portable.
Notably, it doesn't work with FreeBSD shell, where the value of HOME
would be ignored in this case.
Since the commands are already executed in a subshell, export the HOME
variable to ensure it is properly handled in all shells.
Michał Kępień [Thu, 21 Mar 2024 11:29:21 +0000 (12:29 +0100)]
Add "pipelines" to CI job trigger lists
To enable GitLab CI jobs in other projects to trigger pipelines in the
BIND 9 project using their CI_JOB_TOKEN, add "pipelines" to the relevant
GitLab CI job trigger lists.
Michał Kępień [Thu, 21 Mar 2024 05:47:29 +0000 (06:47 +0100)]
Work around a TSAN issue with newer kernels
The ThreadSanitizer version currently available from Fedora 39
repositories is unable to cope with very high ASLR entropy, which is the
default in some recent Linux distributions [1]. This causes all
TSAN-enabled builds to fail on the affected systems with an error like:
Tom Krizek [Wed, 13 Mar 2024 17:18:42 +0000 (18:18 +0100)]
Move conftest log initialization to conftest.py
Initializing the conftest logging upon importing the isctest package
isn't practical when there are standalone pieces which can be used
outside of the testing framework, such as the asyncdnsserver module.
Michał Kępień [Wed, 20 Mar 2024 08:22:36 +0000 (09:22 +0100)]
Add an async DNS server for use in system tests
Implement a new Python class, AsyncDnsServer, which can be used by
ans.py scripts placed in ansX/ system test subdirectories. This enables
conveniently starting a feature-limited, non-standards-compliant, custom
DNS server instance. It can read and serve zone files, but it is also
able to evaluate any user-provided query-processing logic, allowing
query responses to be changed, delayed, or dropped altogether. These
are all actions commonly taken by custom DNS servers written in Python
that are used in BIND 9 system tests. Having a single "base"
implementation of such a custom DNS server reduces code duplication,
improving test maintainability.
Evan Hunt [Tue, 12 Mar 2024 01:47:01 +0000 (18:47 -0700)]
reduce memory consumption of qpzone database
every node of a QP database contains a copy of the nodename,
which is used as the key for the QP-trie. previously, the name
was stored as a dns_fixedname object, which has room for up to
255 characters. we can reduce the space consumed by dynamically
allocating a dns_name object that's just long enough for the name
to be stored.
Matthijs Mekking [Tue, 12 Mar 2024 10:59:38 +0000 (11:59 +0100)]
Fix Coverity CID 487882: Error handling issues
The dns_qpiter_next() was called without checking the return value. If
we cannot move the iterator forward, there is no use in calling the
step() function.
/lib/dns/qpzone.c: 2804 in activeempty()
2798 * of the name we were searching for. Step the iterator
2799 * forward, then step() will continue forward until it
2800 * finds a node with active data. If that node is a
2801 * subdomain of the one we were looking for, then we're
2802 * at an active empty nonterminal node.
2803 */
>>> CID 487882: Error handling issues (CHECKED_RETURN)
>>> Calling "dns_qpiter_next" without checking return value (as is done elsewhere 26 out of 27 times).
2804 dns_qpiter_next(it, NULL, NULL, NULL);
2805 return (step(search, it, FORWARD, next) &&
2806 dns_name_issubdomain(next, current));
2807 }